Connection to server timed out

Hello Sophie,

Thank you for contacting the Sophos Community.

Can you connect to the shell of  the UTM using Putty and run the following command:

# wget https://gestion.ekipea.fr/

Let me know the output.

Additionally to this in the UTM could you please go to Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist >>  Skip Transparent Mode Destination Hosts/Nets >> + >> type = DNS Host >> Hostname = gestion.ekipea.fr >> Save >> Apply

And do the same for gestion.ekipea.fr/favicon.ico"

Let me know if after this you are able to access the website.

Hello Emmanuel, 

thanks for your help, 

The output for https://gestion.ekipea.fr/

--2020-05-14 15:59:04-- (try: 5) https://gestion.ekipea.fr/
Connecting to gestion.ekipea.fr|37.58.199.78|:443... failed: Connection timed out.
Retrying.

I followed your recommendations but it still doesn't work.

Hello TEAM Reseaux,

By the output, it seems like it might be the website that is not allowing connections to the IP of the UTM.

This is the output you should see, which means the UTM can connect to the website.

utm1:/var/log # wget https://gestion.ekipea.fr/
--2020-05-14 16:09:00-- https://gestion.ekipea.fr/
Resolving gestion.ekipea.fr... 37.58.199.78
Connecting to gestion.ekipea.fr|37.58.199.78|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1944 (1.9K) [text/html]
Saving to: `index.html'

100%[===================================================================================================================================================================================================>] 1,944 --.-K/s in 0s

2020-05-14 16:09:01 (205 MB/s) - `index.html' saved [1944/1944]

So since the UTM can't connect to the site the users behind the LAN won't be able to connect either. Do you have more than one ISP provider in your UTM?

If you have another ISP please try the following command:

utm1:/var/log # wget https://gestion.ekipea.fr/ --bind-address X.X.X.X (Where X.X.X.X is your Public IP address of the other ISP) 

Please note that running only wget https://gestion.ekipea.fr/ will run it from the ISP which Port is lower so if you have two ISPs one in Port3 and another in Port4 it would do it from Port3 that is why in the command you would need to specify the IP of the Second ISP on Port 4.

Regards,

Hello, 

I only have one access provider.

I had already contacted the company that has the site.

they do not do IP filtering.

I have a Friend who has the same access provider and can access the site.

Regards,

Hello, 

I only have one access provider.

I had already contacted the company that has the site.

they do not do IP filtering.

I have a Friend who has the same access provider and can access the site.

Regards,

Hello Team Reseaux,

Usually, ISP providers might allow one IP to connect but block another for some reason. 

However, we could try to do the following to analyze a packet capture and see if the website is replying to us.

In the UTM from the Shell please run the following command as root

# tcpdump -eni any host 37.58.199.78 and port 443 -w /var/website.pcap -b

In a second Putty connection try the same command as before 

# wget https://gestion.ekipea.fr/

Once it fails, stop the pcap on the First putty session by pressing Ctrl + C (Note: You won't see any output during the capture)

Once you have done this, please enable Support Access in your UTM and send me the Access ID by PM so I can get the packet capture and analyze it

To enable remote assistance please go to Support >> Support Access >> On >> Access Status >> and copy & paste the Access ID and send it to me, please. Thanks!